初次使用Database BackupDBS時,您需要將角色許可權(AliyunDBSDefaultRole)授權給DBS,並開通Object Storage Service,以允許DBS訪問、查詢和管理您的資料庫,並將資料庫即時備份到OSS。該授權操作是為了確保DBS備份恢複服務的正常運行,對DBS備份執行個體的效能不產生任何影響。
前提條件
登入阿里雲帳號。具體操作,請參見註冊阿里雲帳號。
步驟一:授權DBS服務關聯角色
DBS服務關聯角色(AliyunServiceRoleForDBS)是具備其他雲端服務存取權限的RAM角色,DBS接入您在阿里雲購買的雲資料庫(如RDS、MongoDB、 Redis、PolarDB)或阿里雲ECS上自建的資料庫時,需通過AliyunServiceRoleForDBS擷取存取權限。更多資訊,請參見服務關聯角色。
初次使用Database BackupDBS時,您需要將服務關聯角色(AliyunServiceRoleForDBS)授權給DBS。許可權詳情,請參見附錄:AliyunServiceRoleForDBS介紹。
步驟二:開通Object Storage Service
開通Object Storage Service不會產生費用。開通後,您使用DBS進行備份時,DBS才能將備份資料存入OSS(雲端儲存)中。
登入DBS控制台。
在彈出的提示對話方塊中,單擊立即開通使用OSS。
在彈出的對話方塊中,單擊立即開通。
在Object Storage Service頁面,閱讀並勾選服務合約,單擊立即開通。
至此,您已開通Database BackupDBS服務。
附錄:AliyunServiceRoleForDBS介紹
角色名稱:AliyunServiceRoleForDBS
角色權限原則:AliyunServiceRolePolicyForDBS
許可權說明:
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstanceNetInfo",
"rds:DescribeDBInstanceNetInfoForChannel",
"rds:DescribeTasks",
"rds:DescribeDBInstances",
"rds:DescribeFilesForSQLServer",
"rds:DescribeImportsForSQLServer",
"rds:DescribeSlowLogRecords",
"rds:DescribeBinlogFiles",
"rds:DescribeSQLLogRecords",
"rds:DescribeParameters",
"rds:DescribeParameterTemplates",
"rds:DescribeDBInstanceAttribute",
"rds:DescribeDatabases",
"rds:DescribeAccounts",
"rds:DescribeSecurityIPList",
"rds:DescribeSecurityIps",
"rds:DescribeDBInstanceIPArray",
"rds:DescribeDBInstanceIPArrayList",
"rds:DescribeDBInstanceSSL",
"rds:DescribeDBInstanceTDE",
"rds:CreateDBInstance",
"rds:CreateAccount",
"rds:CreateDatabase",
"rds:ModifySecurityIps",
"rds:GrantAccountPrivilege",
"rds:CreateMigrateTask",
"rds:CreateOnlineDatabaseTask",
"rds:DescribeMigrateTasks",
"rds:DescribeOssDownloads",
"rds:CreateBackup",
"rds:DescribeBackups",
"rds:DescribeBackupPolicy",
"rds:ModifyBackupPolicy",
"rds:DescribeBackupTasks",
"rds:DescribeBinlogFiles"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:DescribeInstance",
"ecs:DescribeInstances",
"ecs:DescribeVpcs",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSecurityGroupAttribute",
"ecs:AuthorizeSecurityGroup",
"ecs:JoinSecurityGroup",
"ecs:RevokerSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kms:ListKeys"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cms:PutEventRule",
"cms:PutEventTargets",
"cms:ListEventRules",
"cms:ListEventTargetsByRule",
"cms:DeleteEventRule",
"cms:DeleteEventTargets"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"polardb:DescribeDBClusterIPArrayList",
"polardb:DescribeDBClusterNetInfo",
"polardb:DescribeDBClusters",
"polardb:ModifySecurityIps",
"polardb:DescribeDBClusterEndpoints",
"polardb:DescribeDBClusterAccessWhitelist",
"polardb:ModifyDBClusterAccessWhitelist"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"dds:DescribeDBInstanceAttribute",
"dds:DescribeReplicaSetRole",
"dds:DescribeSecurityIps",
"dds:DescribeDBInstances",
"dds:ModifySecurityIps"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"kvstore:DescribeSecurityIps",
"kvstore:DescribeInstances",
"kvstore:DescribeAccounts",
"kvstore:DescribeDBInstanceNetInfo",
"kvstore:CreateAccount",
"kvstore:ModifySecurityIps",
"kvstore:DescribeInstanceAttribute",
"kvstore:AllocateInstancePrivateConnection",
"kvstore:DescribeLogicInstanceTopology"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"drds:DescribeDrdsDB",
"drds:DescribeDrdsDBs",
"drds:DescribeDrdsDbInstance",
"drds:DescribeDrdsDbInstances",
"drds:DescribeDrdsDBIpWhiteList",
"drds:DescribeDrdsInstances",
"drds:ModifyDrdsIpWhiteList",
"drds:CreateDrdsDB",
"drds:DescribeTable",
"drds:DescribeTables",
"drds:ModifyRdsReadWeight",
"drds:ChangeAccountPassword",
"drds:CreateDrdsInstance",
"drds:CreateInstanceAccount",
"drds:CreateInstanceInternetAddress",
"drds:DescribeInstanceAccounts"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:DescribeVpcs"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"bssapi:QueryResourcePackageInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "hdm:AddHDMInstance",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "dbs.aliyuncs.com"
}
}
}
]
}
相關文檔
DBS支援備份恢複的資料庫版本、資料庫物件、備份恢複的細粒度及DBS各功能模組的支援情況,請參見支援的資料庫引擎與功能。
如需瞭解DBS備份執行個體後續可能產生的費用問題等,請參見計費常見問題。
授權完成後,您也可以通過API直接建立、或建立配置並啟動備份執行個體。具體詳情,請參見CreateBackupPlan - 建立備份計劃或CreateAndStartBackupPlan - 建立並啟動備份計劃。